Debian Firefox-Esr vulnerabilities

CVE-2026-2782 [CRITICAL] CVE-2026-2782: firefox - Privilege escalation in the Netmonitor component. This vulnerability affects Fir... Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. Scope: local sid: resolved (fixed in 148.0-1)

CVE-2026-2784 [CRITICAL] CVE-2026-2784: firefox - Mitigation bypass in the DOM: Security component. This vulnerability affects Fir... Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. Scope: local sid: resolved (fixed in 148.0-1)

CVE-2026-4689 [CRITICAL] CVE-2026-4689: firefox - Sandbox escape due to incorrect boundary conditions, integer overflow in the XPC... Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. Scope: local sid: resolved (fixed in 149.0-1)

CVE-2026-2758 [CRITICAL] CVE-2026-2758: firefox - Use-after-free in the JavaScript: GC component. This vulnerability affects Firef... Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. Scope: local sid: resolved (fixed in 148.0-1)

CVE-2026-2762 [CRITICAL] CVE-2026-2762: firefox - Integer overflow in the JavaScript: Standard Library component. This vulnerabili... Integer overflow in the JavaScript: Standard Library component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. Scope: local sid: resolved (fixed in 148.0-1)

CVE-2026-2786 [CRITICAL] CVE-2026-2786: firefox - Use-after-free in the JavaScript Engine component. This vulnerability affects Fi... Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. Scope: local sid: resolved (fixed in 148.0-1)

CVE-2026-2765 [CRITICAL] CVE-2026-2765: firefox - Use-after-free in the JavaScript Engine component. This vulnerability affects Fi... Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. Scope: local sid: resolved (fixed in 148.0-1)

CVE-2026-2781 [CRITICAL] CVE-2026-2781: firefox - Integer overflow in the Libraries component in NSS. This vulnerability affects F... Integer overflow in the Libraries component in NSS. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. Scope: local sid: resolved (fixed in 148.0-1)

CVE-2026-4696 [CRITICAL] CVE-2026-4696: firefox - Use-after-free in the Layout: Text and Fonts component. This vulnerability affec... Use-after-free in the Layout: Text and Fonts component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. Scope: local sid: resolved (fixed in 149.0-1)

CVE-2026-4701 [CRITICAL] CVE-2026-4701: firefox - Use-after-free in the JavaScript Engine component. This vulnerability affects Fi... Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. Scope: local sid: resolved (fixed in 149.0-1)

CVE-2026-2785 [CRITICAL] CVE-2026-2785: firefox - Invalid pointer in the JavaScript Engine component. This vulnerability affects F... Invalid pointer in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. Scope: local sid: resolved (fixed in 148.0-1)

CVE-2026-2774 [CRITICAL] CVE-2026-2774: firefox - Integer overflow in the Audio/Video component. This vulnerability affects Firefo... Integer overflow in the Audio/Video component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. Scope: local sid: resolved (fixed in 148.0-1)

CVE-2026-2775 [CRITICAL] CVE-2026-2775: firefox - Mitigation bypass in the DOM: HTML Parser component. This vulnerability affects ... Mitigation bypass in the DOM: HTML Parser component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. Scope: local sid: resolved (fixed in 148.0-1)

CVE-2026-2772 [CRITICAL] CVE-2026-2772: firefox - Use-after-free in the Audio/Video: Playback component. This vulnerability affect... Use-after-free in the Audio/Video: Playback component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. Scope: local sid: resolved (fixed in 148.0-1)

CVE-2026-2770 [CRITICAL] CVE-2026-2770: firefox - Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability affec... Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. Scope: local sid: resolved (fixed in 148.0-1)

CVE-2026-2778 [CRITICAL] CVE-2026-2778: firefox - Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML comp... Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. Scope: local sid: resolved (fixed in 148.0-1)

CVE-2026-4720 [CRITICAL] CVE-2026-4720: firefox - Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox ... Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140

CVE-2026-4702 [CRITICAL] CVE-2026-4702: firefox - JIT miscompilation in the JavaScript Engine component. This vulnerability affect... JIT miscompilation in the JavaScript Engine component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. Scope: local sid: resolved (fixed in 149.0-1)

CVE-2026-0884 [CRITICAL] CVE-2026-0884: firefox - Use-after-free in the JavaScript Engine component. This vulnerability affects Fi... Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. Scope: local sid: resolved (fixed in 147.0-1)

CVE-2026-2767 [CRITICAL] CVE-2026-2767: firefox - Use-after-free in the JavaScript: WebAssembly component. This vulnerability affe... Use-after-free in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. Scope: local sid: resolved (fixed in 148.0-1)